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Art Unit: 2431 

1 This action is in response to the communication filed on 4/2/2009. 

2 DETAILED ACTION 

3 Response to Arguments 

4 Applicant's arguments filed 4/2/2009 have been fully considered but they are not 

5 persuasive. 

6 All objections and rejections not set forth below have been withdrawn. 

7 Claims 1, and 42-45 have been examined. Claims 2-41 have been cancelled. 

8 Title 

9 The title of the invention is not descriptive. A new title is required that is clearly 

10 indicative of the invention to which the claims are directed. 

1 1 Information Disclosure Statement 

12 The information disclosure statement (IDS) submitted on 4/2/2009 was filed after the 



13 mailing date of the first action on the merits on 1/2/2009. The submission is in compliance with 

14 the provisions of 37 CFR 1 .97. Accordingly, the information disclosure statement is being 

15 considered by the examiner. However, note that the references listed have not been provided by 

16 the applicants, and as such have not been considered. 

17 Specification 

18 While the amendment to the specification was not compliant with 37 CFR 1.121, because 

19 no markings indicating the changes made were shown, the examiner has examined the claims in 

20 order to prevent any delay in prosecution of the application. 
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1 

2 Claim Rejections - 35 USC §103 

3 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

4 obviousness rejections set forth in this Office action: 

5 A patent may not be obtained though the invention is not identically disclosed or 

6 described as set forth in section 102 of this title, if the differences between the subject matter 

7 sought to be patented and the prior art are such that the subject matter as a whole would have 

8 been obvious at the time the invention was made to a person having ordinary skill in the art to 

9 which said subject matter pertains. Patentability shall not be negatived by the manner in which 
10 the invention was made. 

11 

12 Claims 1 and 43 arc rejected under 35 U.S.C. 103(a) as being unpatentable over 

1 3 Bushmitch et al (US Patent Application Publication 2002/0 1 5960 1 ) hereinafter referred to as 

14 Bushmitch, and further in view of Morlang et al. (US Patent Application Publication 

1 5 2003/0 1 82576) hereinafter referred to as Morlang. 

16 Bushmitch disclosed a method for providing a user device with a set of access codes, the 



17 method comprising: receiving from a user device a first message comprising an identification 

1 8 code associated with an encryption key stored in the user device, wherein the first message is 

19 sent via a communications network (Bushmitch Paragraphs 0074-0075); storing an encryption 

20 key corresponding to the encryption key and the identification code stored in the user device 

21 (Bushmitch Paragraph 0076), allocating the set of access codes on receipt of the identification 

22 code from the user device (Bushmitch Paragraph 0075), encrypting the set of access codes using 

23 the encryption key to produce an encrypted set (Bushmitch Paragraph 0075), and sending a 

24 second message containing the encrypted set to the user device for storing (Bushmitch Paragraph 

25 0075); and, upon a number of unused access codes for the user device reaching a predetermined 
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1 threshold (zero), sending a third message containing a new set of access codes to the user device 

2 via the network (Bushmitch Paragraph 0053), wherein the new set of access codes are encrypted 

3 with the encryption key associated with the identification code (Bushmitch Paragraph 0075). 

4 However, Bushmitch did not specifically disclose performing, at the server, a look up function 

5 based on the identification code received in the message to retrieve the key from storage. 

6 Morlang teaches that in order to protect communications between two nodes, an 

7 encryption key can be shared between the nodes, and stored in a table with an associated 

8 identifier. Then, in order to establish the encrypted connection, the client can send a message 

9 including the session identifier, which the server uses to retrieve the encryption key, and then 

10 encrypt the communications (Morlang Paragraphs 0025-0026). 

11 It would have been obvious to the ordinary person skilled in the art at the time of 

12 invention to have employed the teachings of Morlang in the system of Bushmitch by sending a 

13 session identifier from the portable storage device to the gateway in order to allow the gateway 

14 to determine a proper pre-shared encryption key. This would have been obvious because the 

15 ordinary person skilled in the art would have been motivated to protect the communications 

16 between the gateway and the portable storage device. 

17 Regarding claim 43, Bushmitch and Morlang taught tracking the access codes used by the 

1 8 user device, and sending the new set of access codes to the user device in response to the number 

19 of unused access codes reaching a predetermined threshold (Bushmitch Paragraph 0053). 

20 Claims 42, and 44 are rejected under 35 U.S.C. 103(a) as being unpatentable over the 

21 combination of Bushmitch and Morlang as applied to claim 1 above, and further in view of Seth- 

22 Smith et al. (US Patent 4,890,321) hereinafter referred to as Seth-Smith. 
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1 Regarding claim 42, while Bushmitch and Morlang did disclose receiving a request for 

2 the new set of access codes from the user device, comparing the number of unused access codes 

3 to the predetermined threshold after every use; and sending the new set of access codes to the 

4 user device upon receipt of the request (Bushmitch Paragraph 0053), Bushmitch and Morlang did 

5 not disclose wherein the user device tracks its own access code use. However, Bushmitch did 

6 disclose that the user device knew how many access codes had been used (Bushmitch Paragraph 

7 0053). 



8 Seth-Smith teaches that in a credit system, when the credit is running low, the user's 

9 system can alert the user such that the user may obtain more credit (Seth-Smith Col. 28 Lines 27- 

10 47). 

11 It would have been obvious to the ordinary person skilled in the art at the time of 



12 invention to have employed the teachings of Seth-Smith in the authentication provisioning 

13 system of Bushmitch and Morlang by having the client check and see if the number of 

14 authentications left are low, and if so alert the user. This would have been obvious because the 

15 ordinary person skilled in the art would have been motivated to alert the user that re-initialization 

16 is necessary. 



17 Regarding claim 44, Bushmitch, Morlang, and Seth-Smith taught that the request is sent 

1 8 from the user device responsive to a manual input from the user (Bushmitch Paragraph 0074). 

19 Claim 45 is rejected under 35 U.S.C. 103(a) as being unpatentable over the combination 

20 of Bushmitch and Morlang as applied to claim 1 above, and further in view of Rune (US Patent 

21 Number 5,850,444). 
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1 While Bushmitch and Morlang taught sending a message containing the encrypted set of 

2 access codes (Bushmitch Paragraph 0075), Bushmitch and Morlang failed to specifically teach 

3 receiving from the user device a fourth message comprising a public key of a public/private key 

4 pair generated at the user device; generating a session key; encrypting the set of access codes 

5 with the session key to produce a session key encrypted set; encrypting the session key with the 

6 public key to produce an encrypted session key; and sending a message containing the session 

7 key encrypted set and the encrypted session key to the user device via the network. 

8 Rune, on the other hand, teaches that in order to securely transmit data, receiving from 

9 the user device a message comprising a public key of a public/private key pair generated at the 

10 user device; generating a session key; encrypting the set of access codes with the session key to 

1 1 produce a session key encrypted set; encrypting the session key with the public key to produce 

12 an encrypted session key; and sending a message containing the session key encrypted set and 

13 the encrypted session key to the user device via the network (Rune Col. 3 Lines 34-50). 

14 It would have been obvious to the ordinary person skilled in the art at the time of 

1 5 invention to have employed the teachings of Rune in the re-initialization process of Bushmitch 

16 and Morlang by receiving from the client a message comprising a public key of a public/private 

17 key pair generated at the client; generating a session key; encrypting the set of authentication 

1 8 data with the session key to produce a session key encrypted set; encrypting the session key with 

19 the public key to produce an encrypted session key; and sending a message containing the 

20 session key encrypted set and the encrypted session key to the client via the network. This 

2 1 would have been obvious because the ordinary person skilled in the art would have been 

22 motivated to provide a secure manner of distributing the authentication data. 
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1 Conclusion 

2 Claims 1 and 42-45 have been rejected. 

3 The prior art made of record and not relied upon is considered pertinent to applicant's 

4 disclosure. 

5 Applicant's amendment necessitated the new ground(s) of rejection presented in this 

6 Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 

7 Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

8 A shortened statutory period for reply to this final action is set to expire THREE 



9 MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 

10 MONTHS of the mailing date of this final action and the advisory action is not mailed until after 

1 1 the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 

12 will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

13 CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 

14 however, will the statutory period for reply expire later than SIX MONTHS from the date of this 

15 final action. 



16 Any inquiry concerning this communication or earlier communications from the 

17 examiner should be directed to MATTHEW T. HENNING whose telephone number is 

18 (571)272-3790. The examiner can normally be reached on M-F 8-4. 

19 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

20 supervisor, William Korzuch can be reached on (571)272-7589. The fax phone number for the 

21 organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 



2 Application Information Retrieval (PAIR) system. Status information for published applications 

3 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

4 applications is available through Private PAIR only. For more information about the PAIR 

5 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

6 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 

7 like assistance from a USPTO Customer Service Representative or access to the automated 

8 information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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10 
11 

12 
13 



/Matthew T Henning/ 
Examiner, Art Unit 243 1 



